8423765

System and Method for Remote Device Registration

Published: April 16, 2013
Assignee: not available in USPTO data we have

Patent Claims
36 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A method for distributing and monitoring insertion of sensitive data into devices, said method comprising: arranging a controller to be communicably connectable to a server being located remote therefrom, said server configured to be communicably connectable to equipment responsible for inserting said sensitive data into said devices, said controller being configured for distributing said sensitive data to said server to enable said server to provide said sensitive data to said equipment, said controller comprising a secure module for performing cryptographic operations; said controller using said secure module to cryptographically protect said sensitive data; said controller sending a cryptographically protected data transmission comprising said sensitive data to said server to enable said server to extract said sensitive data therefrom; said controller providing a credit value to said server indicative of a number of sensitive data insertions that are permitted before requesting more of said sensitive data from said controller to enable said server to update said credit value according to amounts of said sensitive data provided to said equipment; said controller receiving a log report from said server, said log report pertaining to the insertion of an amount of said sensitive data into respective devices by said equipment upon said equipment obtaining said amount of sensitive data from said server upon request, said log report having been generated from at least one log record obtained by said server from said equipment; and said controller enabling said log report to be compared to a record generated by said controller indicative of distribution of said sensitive data to said server to monitor said insertion of said sensitive data.

2. The method according to claim 1, further comprising receiving a request from said server for additional sensitive data, and providing said additional sensitive data and a new credit value to said server.

3. The method according to claim 1, wherein said log report further comprises a log record indicative of the distribution of said amount of sensitive data by said server to said equipment.

4. The method according to claim 1 wherein said secure module encrypts a header included in said data transmission to protect a key, said key enabling said server to decrypt said transmission and extract said sensitive data therefrom.

5. The method according to claim 1, further comprising initiating a provisioning procedure executed prior to sending said sensitive data to said server, said provisioning procedure being used to initialize said server and said secure module.

6. The method according to claim 1 comprising sending said data transmission to a plurality of servers.

7. The method according to claim 1 further comprising said controller sending a credit instruction to said server indicating an update for said credit value.

8. The method according to claim 1 further comprising said controller sending to said server, an object for implementing an existing data insertion solution, said existing solution modifying said data; said object having been signed to be provided to a secure module for said server to store said signed object, verify said signed object, and modify said sensitive data according to said existing solution if said signed object is verified.

9. The method according to claim 1 wherein said data transmission includes a plurality of types of sensitive data, said method further comprising said secure module sending certain ones of said types according to permissions established by said controller.

10. The method according to claim 9 wherein said log report includes an indication of which one of said types has been provided by said secure module to said equipment.

11. The method according to claim 1 further comprising said controller sending a configuration message to said server for use in modifying settings in a secure module at said server.

12. The method according to claim 1, wherein said log report is received by said controller in response to a poll initiated by one of said server and said controller.

13. The method according to claim 1, wherein said log report is received by said controller for obtaining additional sensitive data, wherein a further data transmission is sent to said server if comparison of said log report to said record generated by said controller indicative of distribution of said sensitive data to said server is favourable, and additional sensitive data is required; and wherein said controller sends to said server an instruction to inhibit further extraction of said sensitive data from any previous transmission if said comparison is not favourable.

14. The method according to claim 1 wherein said sensitive data comprises a plurality of keys, said data transmission including a quantity of said keys encrypted by said secure module to enable said server to decrypt one or more of said keys as indicated by instructions provided by said controller apriori.

15. The method according to claim 14 wherein said secure module encrypts said quantity of keys to enable said server to individually re-encrypt each key; wherein certain ones of said keys are decrypted for use by said equipment upon a request made by said equipment.

16. The method according to claim 1 wherein said secure module contains a symmetric key for communicating over forward and backward communication channels between said server and said controller.

17. The method according to claim 1, wherein inserting said sensitive data comprises injecting information into said devices.

18. The method according to claim 1, wherein inserting said sensitive data comprises keying said devices.

19. A system for distributing and monitoring insertion of sensitive data into devices, said system comprising: a controller device communicably connectable to a server being located remote therefrom, said server configured to be communicably connectable to equipment responsible for inserting said sensitive data into said devices, said controller device being configured for distributing said sensitive data to said server to enable said server to provide said sensitive data to said equipment, said controller device comprising a secure module for performing cryptographic operations; said controller device being configured for: using said secure module to cryptographically protect said sensitive data; sending a cryptographically protected data transmission comprising said sensitive data to said server to enable said server to extract said sensitive data therefrom; providing a credit value to said server indicative of a number of sensitive data insertions that are permitted before requesting more of said sensitive data from said controller device to enable said server to update said credit value according to amounts of said sensitive data provided to said equipment; receiving a log report from said server, said log report pertaining to the insertion of an amount of said sensitive data into respective devices by said equipment upon said equipment obtaining said amount of sensitive data from said server upon request, said log report having been generated from at least one log record obtained by said server from said equipment; and enabling said log report to be compared to a record generated by said controller indicative of distribution of said sensitive data to said server to monitor said insertion of said sensitive data.

20. The system according to claim 19, wherein said controller device is further configured for receiving a request from said server for additional sensitive data, and providing said additional sensitive data and a new credit value to said server.

21. The system according to claim 19, wherein said log report further comprises a log record indicative of the distribution of said amount of sensitive data by said server to said equipment.

22. The system according to claim 19 wherein said secure module encrypts a header included in said data transmission to protect a key, said key enabling said server to decrypt said transmission and extract said sensitive data therefrom.

23. The system according to claim 19, wherein said controller device is further configured for initiating a provisioning procedure executed prior to sending said sensitive data to said server, said provisioning procedure being used to initialize said server and said secure module.

24. The system according to claim 19, wherein said controller device is further configured for sending said data transmission to a plurality of servers.

25. The system according to claim 19, wherein said controller device is further configured for sending a credit instruction to said server indicating an update for said credit value.

26. The system according to claim 19, wherein said controller device is further configured for sending to said server, an object for implementing an existing data insertion solution, said existing solution modifying said data; said object having been signed to be provided to a secure module for said server to store said signed object, verify said signed object, and modify said sensitive data according to said existing solution if said signed object is verified.

27. The system according to claim 19 wherein said data transmission includes a plurality of types of sensitive data, and wherein said controller device is further configured for sending certain ones of said types according to permissions established by said controller system.

28. The system according to claim 27 wherein said log report includes an indication of which one of said types has been provided by said secure module to said equipment.

29. The system according to claim 19 wherein said controller device is further configured for sending a configuration message to said server for use in modifying settings in a secure module at said server.

30. The system according to claim 19, wherein said log report is received by said controller device in response to a poll initiated by one of said server and said controller.

31. The system according to claim 19, wherein said log report is received by said controller for obtaining additional sensitive data, wherein a further data transmission is sent to said server if comparison of said log report to said record generated by said controller indicative of distribution of said sensitive data to said server is favourable, and additional sensitive data is required; and wherein said controller sends to said server an instruction to inhibit further extraction of said sensitive data from any previous transmission if said comparison is not favourable.

32. The system according to claim 19 wherein said sensitive data comprises a plurality of keys, said data transmission including a quantity of said keys encrypted by said secure module to enable said server to decrypt one or more of said keys as indicated by instructions provided by said controller apriori.

33. The system according to claim 32 wherein said secure module encrypts said quantity of keys to enable said server to individually re-encrypt each key; wherein certain ones of said keys are decrypted for use by said equipment upon a request made by said equipment.

34. The system according to claim 19 wherein said secure module contains a symmetric key for communicating over forward and backward communication channels between said server and said controller.

35. The system according to claim 19, wherein inserting said sensitive data comprises injecting information into said devices.

36. The system according to claim 19, inserting said sensitive data comprises keying said devices.
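
Illustration of the credit value and log-report comparison recited in claims 1 and 13. This is an added example, not part of the patent text or of any implementation by the inventors. All class, method and field names are hypothetical, key identifiers are constructed sample values, and the cryptographic protection performed by the secure module is not modelled.

```python
# Added illustration of the credit/log reconciliation in claims 1 and 13.
# All names are hypothetical; key ids are constructed opaque labels.
from dataclasses import dataclass, field

@dataclass
class Server:
    credit: int = 0
    keys: list = field(default_factory=list)
    log: list = field(default_factory=list)   # (key_id, device_id) records
    inhibited: bool = False

    def provide_to_equipment(self, device_id):
        """Release one key per insertion while credit remains."""
        if self.inhibited or self.credit <= 0 or not self.keys:
            return None                        # must request more from controller
        self.credit -= 1                       # credit tracks permitted insertions
        key_id = self.keys.pop(0)
        self.log.append((key_id, device_id))
        return key_id

@dataclass
class Controller:
    distributed: dict = field(default_factory=dict)  # server name -> key ids sent

    def distribute(self, name, server, key_ids, credit):
        """Record what was sent, then hand keys and a credit value to the server."""
        self.distributed.setdefault(name, set()).update(key_ids)
        server.keys.extend(key_ids)
        server.credit = credit

    def reconcile(self, name, server, log_report):
        """Compare the log report with the controller's own distribution record."""
        sent = self.distributed.get(name, set())
        used = [key_id for key_id, _ in log_report]
        unknown = [k for k in used if k not in sent]   # keys never distributed
        reused = len(used) != len(set(used))           # same key in two devices
        favourable = not unknown and not reused
        if not favourable:
            server.inhibited = True   # claim 13: inhibit further extraction
        return favourable
```

A log report that lists a key the controller never sent, or the same key inserted into two devices, makes the comparison unfavourable, and the server then refuses further releases.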

Patent Metadata

Filing Date

Unknown

Publication Date

April 16, 2013

Inventors

Brian NEILL
Ashok VADEKAR
Patrick XU
